<?php
/* OpenBIBLIO -- A library administration web interface
 * Copyright (C) 2002-2005 Frederic Descamps <lefred@tiscali.be>
 * Copyright (C) 2011-     Laurent Luyssen   <big.lol13@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */


include_once("includes/db.inc");

function ChercheUser ($login) {
  $requete = "SELECT * FROM admin WHERE login = '$login'";
  $resultat = biblio_db_query ($requete);
  if ($resultat)
    return  biblio_db_fetch_object ($resultat);
  else {  
    echo "<B>Error in request : '$requete'.</B><BR>";
    echo "<B>MySQL message :</B> " .  biblio_db_error($db);
    exit;
  }  
}

function CreerSession($login, $pwd)
{
  if (!empty($login) && !empty($pwd)) {
	  $user = ChercheUser ($login);
	  //user exists ?
	  if (is_object($user))
	  {
		 //Verification du mot de passe
		 if ($user->pwd == md5($pwd))
		 {
		   //session for 1 hour
		   $_SESSION["login"] = $login;
		   $_SESSION["userId"] = $user->id;
		   $now = date("U");
		   $_SESSION["expireTime"] = $now + 3600;
		   return TRUE;
		 }
     }
  }
  return false;	
}

function SessionExtend() {
	$now = date ("U");
	$_SESSION["expireTime"] = $now + 3600;
}

function SessionValide ()
{
  if (isset($_SESSION["expireTime"])) {
    $now = date ("U");
    if ($_SESSION["expireTime"] > $now)
      return true;
    else
      session_destroy();
  } 
  return false;
}

function GetUserId() {
  if (SessionValide() && isset($_SESSION["userId"]) )
    return $_SESSION["userId"];
  else
    return false;
}

function GetUserLogin($sid = '') {
  if (SessionValide() && isset($_SESSION["login"]) )
    return $_SESSION["login"];
  else
    return false;
}

function ControleAcces ($nomScript, $login, $pwd, &$user_id, $idSession = '') {
  $user_id = GetUserId();
  if ($user_id) { // OK : There is an active session
	SessionExtend();
    return; 
  }
  
  $msg ='';
  if (CreerSession ($login, $pwd))
  {
    $user_id = $_SESSION["userId"];    
    return;
  }
  else 
    $msg = _("Votre identification a &eacute;chou&eacute;.");

// Cas 2.a: no session
  
  echo"<HTML><HEAD><TITLE>";
  echo get_title();
  echo "</TITLE><style type='text/css' media='screen'>";
  echo "@import url('./css/layout.css');";
  echo "</style></HEAD>";
  print "<BODY BGCOLOR=WHITE>";
  include_once("header2.inc");
  include_once("locale.inc");
  print "<CENTER><H1>";
  if ($msg != '') 
    echo "<B>".$msg."</B><BR/>";
  echo _("Authentification");
  print "</H1><BR><IMG SRC=\"images/logo.png\" width=210><HR><BR><form action=\"admin.php\" method=\"POST\" TARGET=\"_top\">";
  print "<TABLE BORDER=0><TR><TD><B>";
  echo _("Login");
  print ": </B></TD><TD><input type=\"text\" name=\"login\"></TD></TR>";
  print "<TR><TD><B>";
  echo _("Mot de passe");
  print ": </B></TD><TD><input type=\"password\" name=\"pwd\"></TD></TR>";
  print "</TABLE><BR><input type=submit value=\"";
  echo _("Entrer");
  print "\"></form></CENTER>";
  include_once("footer.inc");
}

?>
